Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0191916ca9...18.exe

windows7-x64

7

0191916ca9...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/06/2024, 00:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0191916ca92e58eb51ff73d57dc8f08f_JaffaCakes118.exe

  • Size

    44KB

  • MD5

    0191916ca92e58eb51ff73d57dc8f08f

  • SHA1

    c8be520d0aac214a4771e01fac80421e13387292

  • SHA256

    8eb224f1e43136198a0d6094d934e8744f7067f23eda5c512044d542e4b43f91

  • SHA512

    b16836efc31d5a85aa2d246bdf32a28e9cd38349d7b25677016a3e46a66579278c14749469dbd63699b7ea2902730939be452b0ea677de0bbf34556e1a02f17d

  • SSDEEP

    768:/50T7zOf6WmmmQtpL0CX9eTLr/ZWWM3SYxtF4pff4mtAshm8Wj0:/LY0tpTX8TZhejIu8Ww

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0191916ca92e58eb51ff73d57dc8f08f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\0191916ca92e58eb51ff73d57dc8f08f_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:4000
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4196
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4196 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2988
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\twe4EFB.bat"
      2⤵
        PID:3396
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\0191916ca92e58eb51ff73d57dc8f08f_JaffaCakes118.bat"
        2⤵
          PID:3296

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        a20dcdd581a69f44e7dcbeeab5084fb4

        SHA1

        61e152b89ab8a04af1843bbfee557d193924ec51

        SHA256

        009768e52ded8da33ac7d96d521e882eef9765278997f2ce47311f637696d9c7

        SHA512

        77de84bf9c5480e704991bc16d8f555dc10891e3a5a7044fe2b133cc49d20ebb78c68bbdd4c9a4acd8e7424bce28a00bd3651f3b852a2a726f3f879a741cc7ae

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        ae0a50e24628aee9d630dfe15b9e9da7

        SHA1

        9940f8bac1f0660d951affeaab2906b3282de2e1

        SHA256

        6603a273a1261be32587d4a847afabe4409f11062636086c4eea652b45ae2c97

        SHA512

        26fde4db53475af730f0a67b22d737d91432e8965614c4ebd9af266fc7426b038906b83ec22f0dc43103d183dee7a7d863c4eb72af37c9eaa98dafeaedbb2153

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC8AF.tmp
        Filesize

        15KB

        MD5

        1a545d0052b581fbb2ab4c52133846bc

        SHA1

        62f3266a9b9925cd6d98658b92adec673cbe3dd3

        SHA256

        557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

        SHA512

        bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4NMOWK91\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\0191916ca92e58eb51ff73d57dc8f08f_JaffaCakes118.bat
        Filesize

        267B

        MD5

        2fa61509622bd6905538d9e893948d37

        SHA1

        fb689c935e44002998c299468525730ade1015ff

        SHA256

        9ac6a42bc405c43333aece7da89329e7ef7e1379a6388f0de998c781dbdd4847

        SHA512

        534096d010489a4878a0525ee64133ec70aaf57acc754f6458ec51b86a8c51c1cea31e2b15677d9c3c7a296f526e95e6c5261bb5e35bc144db5a35eb1e83d7b8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\twe4EFB.bat
        Filesize

        188B

        MD5

        826255f8a0d4a9ca533dababbf773ba0

        SHA1

        efc53d65fd1f6a8e052b577355ad4c11cd14e8d1

        SHA256

        85d009334e306d53bc034013e157adb8a5ed0a8097c228a6996898d174be29ae

        SHA512

        1d6f5b66c6c8e5ed35b35b3c31a28d9de490ed3dcef45c9c7268200aaf90feeb862e32ea7896781338e9020dc6031c8b3613ac24ea609016e9d1a5ba9d07b4b4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\twe4EFB.tmp
        Filesize

        32KB

        MD5

        32aa5fa1b78b19d944a4c37b9f3405d6

        SHA1

        d5d154c5d892d4f601024c22509dc96fcfd56b87

        SHA256

        ab7832fcc2ccec82cabfe1cad1ae85c0121843780186ef36b1f9f1928c22433f

        SHA512

        1b4779037b0b975ec7bb86124524cefdc9a6316156f5eedf6d3f4879285c262d5554f3274599cdeaa06212df7bb68bdd5ff9b8b26c317e460fca33e3542d968f

        Download Submit